Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Antivirus/Trojan/Spyware scanners DoS!

From: npguy <npguy () websurfer com np>
Date: Mon, 14 Jun 2004 10:42:06 +0545
clam use unzip utility outside its process space. if unzip itself is 
vulnerable (not in case of linux) then clam may face similar problem

check  "manager.c" of clam 0.15


    242     if(strbcasestr(filename, ".zip")) {
    243         char *args[] = { "unzip", "-P", "clam", "-o", (char *) 
filename, NULL };
    244         if((userprg = getargl(opt, "unzip")))
    245             ret = clamav_unpack(userprg, args, tmpdir, user, opt);
    246         else
    247             ret = clamav_unpack("unzip", args, tmpdir, user, opt);




On Monday 14 June 2004 09:36 am, Syke wrote:

$ clamscan -V
clamscan / ClamAV version 0.71
$ clamscan SERVER_dwn.zip
SERVER_dwn.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 21951
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 20.13 MB
I/O buffer size: 131072 bytes
Time: 5.447 sec (0 m 5 s)

No problems for me.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: